3 matches found
CVE-2020-11537
A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...
CVE-2020-11537
ONLYOFFICE Document Server 5.5.0 is affected by a SQL Injection vulnerability that allows an attacker to execute arbitrary SQL queries via the DocID parameter of the Websocket API. Root cause: improper handling of input in the Websocket API leading to SQL injection. Impact: high/severe confidenti...
CVE-2020-11537
A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5.0. An attacker can execute arbitrary SQL queries via injection to DocID parameter of Websocket API...